US Officials Call For Federal Oversight Of Social Media Firms

Twitter suffered from cybersecurity shortfalls that enabled a ‘simple’ hack in the summer, which compromised the accounts of high-profile figures, an official US report has concluded.

The report, from New York’s Department of Financial Services (DFS), also concluded that large social media companies should be “designated as systemically important institutions with prudent (federal) regulation to manage heightened cybersecurity risk.”

New York’s Department of Financial Services produced the report after New York Governor Andrew Cuomo ordered a probe following the 15 July hack of celebrity Twitter accounts.

Twitter hack

In August, 17-year-old Graham Clark pleaded not guilty to charges that he organised that Twitter hack in mid-July.

That hack resulted in the Twitter accounts of very public figures and corporations, including Elon Musk, Jeff Bezos and Bill Gates, tweeting a bitcoin scam that offered to double people’s bitcoin payment.

The DFS report found that Twitter lacked adequate cybersecurity protections and, at the time of the attack, did not have a chief information security officer.

It said that the hackers had accessed Twitter’s systems with a simple technique: by calling Twitter employees and claiming to be from Twitter’s IT department.

After the hackers duped four employees into giving them their log-in credentials, they hijacked the Twitter accounts of politicians, celebrities, and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos, Elon Musk, and several cryptocurrency companies.

Following the Twitter hack, the social networking firm confirmed that the hackers had targeted a small number of its staff through a phone “spear phishing” attack.

Twitter said it had taken “significant steps” to limit access to account management tools while the company’s investigation continued.

Poor security

But the DFS report stated that despite being a global social media platform with over 330 million average monthly users in 2019, Twitter lacked adequate cybersecurity protection.

“At the time of the attack, Twitter did not have a chief information security officer, adequate access controls and identity management, and adequate security monitoring – some of the core measures required by the Department’s first-in-the-nation cybersecurity regulation,” the report stated.

“Considering social media’s increasingly critical role as a source of news and information, the ease of the Twitter hack shows Twitter’s vulnerability to an election-related hacking attempt,” it added.

“Twitter and other large social media companies have no dedicated federal or state regulator ensuring that their cybersecurity policies and programs adequately address the risks of their digital operating models,” it noted.

Federal oversight

And the DFS report then recommended that there should be federal oversight of social media firms, given their size and importance.

“Instead, they are largely self-regulated and have no accountability for significant cybersecurity lapses as occurred in the Twitter hack,” it stated. “The report recommends that the largest social media companies, whose platforms reach millions of people around the world, should be designated as systemically important institutions with prudent regulation to manage heightened cybersecurity risk.”

“Social media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” explained superintendent of Financial Services Linda A. Lacewell.

“The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” said Lacewell. “As we approach an election in fewer than 30 days, we must commit to greater regulatory oversight of large social media companies.”

“The integrity of our elections and markets depends on it. The swift and effective response of DFS-regulated cryptocurrency companies illustrates how effective regulation can foster innovation and growth, while also protecting consumers,” said Lacewell.

Besides the US arrest and charges against Graham Clark, a man in the UK has also been arrested as part of the criminal investigation.

Mason Sheppard, 19, in Bognor Regis, was named as the UK citizen arrested, as was American Nima Fazeli, 22, of Orlando.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
